Posted on Friday July 21, 2017

New strains of malware are being developed every day. In fact, the number was nearly one million per day in 2015. With so many in existence, some have gone under the radar, as such is the case with CopyCat. So if you're using any type of Android device, know that CopyCat likes to use its claws.

What is it?

CopyCat is a strain of malware that pretends to be a popular app on third-party app stores. Alarmingly, it has already infected more than 14 million Android devices around the world, with the majority of victims in Asia. However, users in the U.S. aren't in the clear as 280,000 Android devices have been hit since 2015.

Why is it dangerous?

Once downloaded, CopyCat collects data from the infected device and downloads rootkits that cut off the device's security system. From there, it can download fake apps and hijack your device's Zygote, the launcher for every app on your phone.

With control over your Zygote, CopyCat will know about every new app you've downloaded and opened. This allows it to replace the Referrer ID on your apps with its own and send revenues for every ad that pops up on the app to hackers instead of the app's creators. Sometimes it even throws in its own ads to increase fraudulent ad revenues, too. So far, there have been nearly 4.9 million fake apps installed on infected devices, estimated to make CopyCat hackers more than $1.5 million.

And while it’s mainly after ad revenues, it could easily compromise confidential data collected from your Android device.

How to protect your Android device?

The malware spreads through five exploits that hit devices running Android 5.0 and earlier versions. Luckily, Google was able to track down this malware to update Google Play so all exploits have been discovered and patched.

However, Android users on older devices should avoid downloading apps from third-party vendors just to be safe. And even if you're using newer versions of the Android OS, we recommend you ensure your Play Protect function -- Google's security system which consists of application scanning, browser protection, and anti-theft measures -- is activated. It should be on by default on your Android device, but you can check its status by opening Google Play Store app > Tap Menu > Play Protect.

In an ideal world, you'll no longer have to worry about cyber attacks and all the damage they can cause. But for now, staying knowledgeable and informed is the best way to protect yourself. If you'd like to learn more about how to keep your Android devices safe, just give us a call. We'll be happy to help.

Celebrating 35+ Years

Managed Computer Support Services

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016